The newly disclosed flaw is tracked as CVE-2024-0204 and is rated critical with a CVSS v3.1 score of 9.8 as it is remotely exploitable, allowing an unauthorized user to create admin users via the product’s administration portal. Creating arbitrary accounts with administrative privileges can lead to a complete device takeover. In the case of Go Anywhere MFT, that would allow attackers to access sensitive data, introduce malware, and potentially enable further attacks within the network.

For a complete description of the vulnerabilities and affected systems go to: Fortra's Security and Trust Center.

IT Security

Read more about IT Security service offerings.